[tor-bugs] #32156 [- Select a component]: NSS Internal PKCS#11 Module out of date in TOR 8.5.5 causing invalid certificate RSS failures

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 18 20:35:46 UTC 2019


#32156: NSS Internal PKCS#11 Module out of date in TOR 8.5.5 causing invalid
certificate RSS failures
------------------------------+--------------------------------------
 Reporter:  cypherpunks       |          Owner:  (none)
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Component:  - Select a component
  Version:  Tor: unspecified  |       Severity:  Normal
 Keywords:  PKCS RSS          |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+--------------------------------------
 TOR 8.5.5 is based on Mozilla Firefox 60.9.0esr (32-bit)
 The latest version of NON-TOR (64 bit windows) Firefox is Ver 69.0.3

 The PKCS#11 Module included with the TOR version of firefox is now out of
 date.
 The version of PKCS #11 used by the latest version of Firefox is 3.45
 The version reported by TOR is 3.36

 This newer version of PKCS #11 includes the many Cert issuers in it's list
 of trusted authorities that the current Tor version of Firefox DOES NOT.

 This leads to users experiencing security errors when trying to access
 properly configured sites with valid certs under TOR that work properly
 for them outside the TOR system:

 ====<error message>====
 Your connection is not secure

 The owner of "sitename.com" has configured their website improperly. To
 protect your information from being stolen, Tor Browser has not connected
 to this website.
 =======================

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32156>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list